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Why Use a Web Application Firewall 


Why Use a Web Application Firewall 


HTTP(S) is the foundation of data communication for the World Wide Web, and functions 
as a request-response protocol for communications. Mobile apps, cloud computing, API 
communications, Intranet applications and webmail are common tools we use every day. 
These applications are all communicating over HTTP(S). 


Qualys provides applications that allow you to scan and identify vulnerabilities - Qualys 
Vulnerability Management (VM) and Qualys Web Application Scanning (WAS). 


Experience shows that patching web site source code can take longer than expected, 
depending on the affected component, development resources, and how agile the 
company is in applying and validating software updates. 


That's where Qualys Web Application Firewall (WAF) comes in. This is an immediate 
remediation tool that is able to protect your web applications against attacks and gives 
your development team time to fix important security issues. 


| Web Application Firewall v Help w {v Log out 


Dashboard Events Web Applications Security WAF Appliances 


Web Applications Web Applications Web Servers Healthchecks SSL Certificates Custom Response Pages l 


Search for web applications by entering properties Hide Graphs 


| Graph Fiters By Deployment 


| Active web applications 100% 


By Status 


Total 3 Degraded 0 Bus 
Ur 


Up 3 Unused 0 
Down 0 


New Web Application 1-30f3 EA 


Using WAF users can deploy multiple firewall instances for their web applications. Each 
firewall consists of a virtual appliance that is configured to reverse proxy your HTTP(S) 
traffic. This appliance will be located in your virtualization platform (Amazon EC2, 
Microsoft Azure, Google Cloud, VMware or Hyper-V) on a server or docker (container), and 
will be instantiated from a Qualys image. We’ll walk you through the steps in this user 
guide. 


The Qualys Advantage 


The Qualys Advantage 


Qualys offers a powerful, next generation web application firewall that uses an always up 
to date security ruleset to secure your web applications. This modern firewall uses a 
cloud-based approach and provides a classic mode of operation and deployment. 


All security events are routed through the Qualys Cloud Platform. They are continuously 
monitored and analyzed by our security researchers in order to compute the best ruleset 
for blocking the latest attacks and zero-day vulnerabilities. Qualys WAF users set up 
security policies for their web applications based on rules to filter, monitor, block and 
report on events. 


Qualys WAF makes it easy to understand the security of all your web applications at once. 
A concise visual dashboard summarizes the various events that have occurred, when they 
took place and where they came from. Easily get interactive insights into potential threats 
and find detailed information on each potential threat and how to address it. 


Web Application Firewall v Help v v | Logout 


Dashboard Events WebApplications Security WAF Appliances 


Dashboard - All Web Applications All Web Application ax] [test 2¢hours [x 
GE 27 Total Alerts Severity EEJ severity OM Severity 
Thu 26 Jan 2017 - Fri 27 Jan 2017 4.84K 1.84K 0 0 


Activity Timeline 
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Web Application Statistics 


Blocked Events Client Bandwidth 


Hits 
UUL. 2.08k 0 WU 10.9 MB 


Event Summary Top Events Traffic Origins 
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Get Started 


Get Started 


Start protecting your web applications and blocking attacks now! We’ll help you do this 


quickly. 


PCI Compliance 


AR Achieve compliance with the PCI Data Security 


Standard (DSS). 


Web Application Scanning 


Automat 
Reporting 


Malware Detection 
Scan and Monitor Your Sit 


Web Application Security Assessment and 


for Malware Infections 


Web Application Firewall 
AZI Detect attacks and protect your web applications 


Log in to your Qualys account and choose WAF 


You'll see our Quick Start Guide the first time you log in 
- just follow the steps to get started. You'll find 
tutorials and links to other helpful information. 


Web Application Firewall {v 


Getting started is easy 


Dashboard Events Web Applications Security WAF Appliances 


Welcome to Qualys® Web Application Firewall 


Thank you for signing up for our web application firewall solution in the cloud. 
Start protecting your web applications and blocking attacks now! 


© Create a Web Application Firewall Cluster > 


ET Create a new WAF cluster to register appliances with Qualys Cloud Platform. 


© Create a Web Application > 


For each application you want to protect enter network settings, configure SSL certificates if needed, define security settings using policies, HTTP profiles 
and custom rules, configure web server pools and health checks and assign a WAF cluster. 


© Configure WAF appliances > 


Raa 

Sese 

GK Deploy virtual appliances or virtual containers for the WAF cluster within your environment. 
= 


© We're now monitoring your applications! > Qualys Top Community Posts 
Check out the security events we've found on your applications. Want to leam more about an event? Just view the event details. 


Help v vw | Logout 


Video Tutorials 


Introduction to the Qualys Web Application Firewall 
Service 


Standard Security Policy Creation 
Creation and Deployment of WAF Appliances 


Skip to Dashboard > Creating and Protecting Web Applications 


WAF video series 


Tip Get back to the Help w Ketan Sevekari w Log out 
Quick Start Guide & y Prone 
anytime - it’s on the FRE 
user name menu nes == 


Introduction to the Qualys Web Application Firewall 
Service 


Standard Security Policy Creation 


Create WAF Cluster 


Create WAF Cluster 


A WAF cluster is the pivot between the web application and the appliance it is being 
proxied through. It is a group of one or more WAF appliances (or proxy-set). A WAF Cluster 
can contain several appliances, but each will act as standalone, while processing the 
traffic exactly the same way across all the appliances that are registered with the named 
Cluster. A Web Application can be proxied over several clusters. 


Note: When a configuration change is detected in any of the web applications, the 
WAF appliance receives the configurations for all the deployed web applications. 
When the WAF server receives the configuration changes, it reloads the 
configuration at runtime to apply the changes. The time that the WAF server takes 
to reload the configuration depends on the size of the configuration, which in turn 
depends on the number of web applications and the customized behavior settings 
configured on each web application. 


To avoid the frequent updates that may cause latency, we recommend limiting the 

number of web applications deployed for each WAF appliance to 10. If you keep the 
number of web applications deployed on each WAF appliance smaller, you will have 
a better WAF experience. 


It’s easy to create a WAF Cluster. Go to WAF Appliances > WAF Clusters and click the New 
WAF Cluster button. 


Web Application Firewall {v Help w {v Log out 


Dashboard Events Web Applications Security WAF Appliances 


WAF Appliances WAF Clusters JEE 


WAF clusters by entering properti Show Graphs 


arch for W ering properties 
| New WAF Cluster |} New WAF Appliance 1-20 of 22 Lee av 


Name / Token Total Web Applications Total Appliances Last Update Date ~ Details 


Enter an arbitrary name. To help with cluster management you can add description and 
assign tags. 


WAF Cluster Creation Turn help tips: On| Off Launchhelp % 


Step 1 of 4 Configure basic information about your WAF cluster 


PR (*) REQUIRED FIELDS 
(1) Cluster Details iht ouf Rene D ations might t Rs ob 


2 COANE Basic Information 


Name* My WAF Cluster 
Automatic Updates 


EH Description 2048 characters maximum. 
ew And Confirm 


Tags 
Select tags to apply to the cluster Select | Create | Remove All 


Region A 


Create WAF Cluster 


For error responses you can choose to show the default WAF error page (404), or define a 
custom response or a redirection code (301 or 302) along with a location. Selecting Block 
will display the default WAF error page. 


WAF Cluster Creation Ue ees) Whenever a request is 
addressed to a nonexistent 
a e + ADN, you can choose to 
| display the default WAF error 
sde E =o! page, a custom response 
page or you can redirect the 
nonoo O request towards a specified 
BE location. This happens if a 
Trusted Ps malicious user forges a 
m UI e eg x GJ request with a false host 
woa header or the host requested 
ré "| is missing in the alias 
configured for your web site. 


Step 2 of 4 Cluster Configuration 


3 Automatic Updates 


You can provide the IP address/range/network of trusted origin proxies or load balancers 
configured in full-proxy mode. If the request is not from a trusted source the X- 
Forwarded-For header values are automatically discarded. If you do not provide IP 
addresses for trusted origin proxies or load balancers, then IP addresses as per RFC1918 
are trusted. 


You can schedule automatic updates for appliances registered to this cluster. See 
Schedule appliance auto-update. 


Once your cluster is created it shows up on the UI under the WAF Appliances > WAF 
Clusters tab. To view information about various cluster statuses and their meanings, click 
Help > Online Help and then on the Manage WAF clusters page, click Tell me about 
cluster status.The status © means the cluster does not have any WAF appliances 
assigned to it yet (we’ll do this soon). 


Web Application Firewall v Help w v Log out 


Dashboard Events Web Applications Security WAF Appliances 


WAF Appliances WAF Clusters WAF Appliances 


Show Graphs 


Search for WAF clusters by entering properties 


New WAF Cluster | | New WAF Appliance | Last synchronization date: 10 Feb 2017 1:43PM GMT+0530 | 1-10f1 öv 
Name / Token Total Web Applications Total Appliances Last Update Date x» Details View | Edit 
O My WAF Cluster e 10 Feb 2017 My WAF Cluster 
by 
[[ Region a $ 44401 


40 Feb 2017 1:37PM GMT+0530 


10 Feb 2017 1:41PM GMT+0530 


7274A1F4-8BEF-4EC0-890E- 
E1069248788B 


Show Graphs 


v 


530 1-10f1 ü 


x Details View | Edit 
My WAF Cluster 


44401 


10 Feb 2017 1:37PM GMT +0530 


pdated 10 Feb 2017 1:41PM GMT +0530 


7274A1F4-8BEF-4EC0-890E- enmsnsus: 


E106924878B8 


TAGS 


This duster has been assigned the following tags 


[[ Region a 


Notice the Registration 
Code. You'll use this to 
register your WAF cluster 
when you configure a WAF 
appliance. 


Create WAF Cluster 


Explore Security Policies 


Explore Security Policies 


The security policy you assign to your web application determines the WAF inspection 
criteria and sensitivity level - this impacts what violation we’ll report for your web 
application and whether or not we'll flag the traffic as malicious. 


Good to know 
Only one security policy can be assigned to each web application. 
Choose from out-of-the box policy templates provided by Qualys with this release - 


Drupal, Joomla, Wordpress, and OWA. Built-in Templates and System Policies are not 
modifiable. 


El e Drupal Template 
S pa iv | d 

E e Wordpress Template 

e Joomla! Template 


Or start with a blank policy and customize the policy settings. You can create multiple 
policies and assign them to your various web applications (one to each web app). 
Go to Security > Policies and click the New Policy button. 

Web Application Firewall v Help ze v Log out 


Dashboard Events Web Applications Security WAF Appliances 


Security Policies HTTP Profiles Rules KnowledgeBase 


rch for policies by entering properties Show Graphs 


| New Policy 1-200f21 | be Ov 


[l Name Type Last Update Date x. Details 
© Custom security policy Custom 13 Sep 2016 Please select a record. 


+ SUB SEC POLICY Custom 27 Aug 2016 
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Explore Security Policies 


Our wizard will help you with the settings. 


Application Security 8 Security Policy Creation Tum help tips: On | Off Launchhelp % 
Configure a sensitivity 

: Configure policy controls for your security policy 
rating (20 to 80) for the REPOS 
various detection categories. LES, Ei 
This impacts what D HS cee are a mara 
inspection will be @ Poticy controts y a 
performed by filtering 
potentially noisy events. 
Policy Controls - Set threat | == zer D 


level thresholds (1 to 100) 
for logging and blocking. 
This impacts what events 
we will log and block. 


ali 


Create application profiles 
Web Server Pool Profile 


Create application profiles 


Qualys WAF now allows you to create reusable profiles for settings which can be 
commonly used by multiple web applications. Reusable profiles can be created for Web 
server pools, healthcheck parameters, SSL certificates, and HTTP protocol filters. 


Good to know 


For each web application in your account you'll assign 1 profile of each type, i.e. Web 
server pool, healthcheck, SSL certificate, and HTTP protocol filters. 


Web Server Pool Profile 


Don’t have a dedicated load balancer? No worries, with newly introduced web server 
pools, Qualys WAF can now load balance traffic between multiple origin servers. 
Alternatively, if your web application resides on a docker (container), enable Docker 
platform to provide docker information. You can choose one web server pool per web 
application. 


Go to Web Applications > Web Servers and click the New Web Servers button. 


Web Application Firewall {v Help w {v Log out 


Dashboard Events Web Applications Security WAF Appliances 


Web Applications Web Applications Web Servers Healthchecks SSL Certificates Custom Response Pages 


Search for servers by entering properties. Show Graphs 


New Web Servers 1-200f30 | be ar 


For docker support, specify the docker image ID. This will create a pool of all containers 
spawned from the docker image. 


For Web servers, add one or more severs in the pool, having common port and protocol. 


Web Servers Creation Tum help tips: On | Off Launchhelp x | 


Step 2 of 3 Web Servers configuration 


1 Web Servers Details yw Por” 
443 


© Ce ` 7 om All servers must have a 
D 


3 Review And Confirm common port and a 
Docker platform common protocol 


Web Servers 


@ https:// Type address + Enter n 
Remove All 
É hips Remove 
À https Remove 


& rte Remove 


Load-balancing 
roundrobin mM 
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Create application profiles 
Healthcheck Profile 


You can use weights for WAF to distribute the request load to various servers in the Web 
Server Pool. Simply add the weight (number) beside the server address. You can add 
weights to your existing pool as well. Default is 1. Maximum allowed value is 256. 


Consider a pool consisting of four origin servers with the weights 1, 2, 3 and 3. The total 
weights assigned to all servers is 9. WAF distributes 1/9th of total load to sever 1, then 
2/9th of total load to server 2, and so on. 


Then choose the load balancing method to determine which server receives the 
connection. 


Healthcheck Profile 


Create healthcheck profiles to monitor application’s availability against your web servers 
(containers). You'll choose one healthcheck profile per Web Application. It will be 
executed against all the web servers listed in the server pool, or against all containers 
spawned from the docker image ID, according to a user-defined frequency. If one backend 
web server (container) fails the healthcheck after X attempts, it will be considered down 
and no request will be steered to it until the service is back. Meanwhile, the firewall will 
keep probing the backend. 


Consequently, if all backend web servers (containers) fail the healthcheck, they will all be 
considered as down by the firewall, thus leading to application unavailability - meaning 
the WAF will stop forwarding the traffic on server-side. Instead, it will respond to the client 
with a user-defined HTTP response code. This “failure response code” is set within the Web 
Application itself, in the Application tab. 


Go to Web Applications > Healthchecks and click the New Healthcheck button. 


Web Application Firewall {v 


Help v w Logout 
Dashboard Events Web Applications Security WAF Appliances 
Web Applications Web Applications Web Servers Healthchecks SSL Certificates Custom Response Pages 
y propertie: Show Graphs 


While creating a healthcheck profile, specify the preferred HTTP method to query the 
application, the URL path to be checked, and the response code returned for success. You 
can also specify the “up” and “down” intervals and occurrences to fix the frequency of the 
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Create application profiles 
SSL Certificate Profile 


probes, along with the amount of successes or failures before changing backend web 
server’s status. Based on the healthcheck result, the server status is set to active or 


inactive. 


Healthcheck Creation 


Step 2 of 3 


1 Healthcheck Details Y Transaction Details 


[2] Configuration 


3 Review And Confirm Method* 
Path 


Expected response code* 


Intervals and occurrences 


Define the various me 


Interval when up* 


Interval when down* 


Healthcheck configuration 


for checking backend availability 


nethod, full path, and the succes: 


Turn help tips: On | Off Launchhelp %¢ 


e the details of a p 


ponse de that is exp 


Healthcheck is 


Number of checks before down* 


Number of checks before up* 


dic reque: 


(") REQUIRED FIELDS 


meant to test the 
ted in order to keer 


The WAF appliances tab displays the healthcheck status for all servers covered by an 
appliance. This server healthcheck information is grouped by each web application that 


the appliance monitors. 


SSL Certificate Profile 


Declare SSL materials used by your web applications on client-side. 


Go to Web Applications > SSL Certificates and click the New SSL Profile button. 


Web Application Firewall v 


Dashboard Events WebApplications Security 


Web Applications Web Applications Web Servers 


Search for SSL Certificates profile by entering properties. 


+ (| New SSL profile 


Healthchecks 


WAF Appliances 


SSL Certificates 
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Help v v | Logout 


Custom Response Pages 


Show Graphs 


1-80f8 öv 


Create application profiles 
Custom Response Pages 


Provide a PFX (PKCS12) or a PEM file, or simply copy-paste the contents of the PEM 
certificate, private key, and passphrase directly into the UI. 


SSL Certificates Profile Creation Tum help tips: On | Off Launch help % 
Step 2 of 4 Certificate and Private Key 
1 Basicinformation ` () REQUIRED FIELD: 
Please import your certificate and private key 
(2) Certificate 
Desired Method* 
CA Certificate Upload a PFX file “| 


p Upload a PFX file 


Review And Confirm |Upload PEM files 
Copy/Paste PEM content 


Please upload your PFX file. 


Choose File 


Drop file here 


WAF SSL Passphrase 


The private key will be encrypted with the newly generated WAF SSL Passphrase. Copy- 
paste the 64 byte passphrase to your appliance "wat ssl passphrase” environment 
variable. 


In the CA Certificate section, provide chained / intermediate certificate in PEM format. 


See CLI Reference in Virtual Firewall Appliance User Guide for details. 


Custom Response Pages 


Display a custom page instead of the default WAF error page, if your security policy blocks 
a particular section or a page on your web site or if a request cannot be routed to your 
origin server. 


Go to Web Applications > Custom Response Pages and click the New Custom Response 
Page button. 


Web Application Firewall v 


Help v v Logout 
Dashboard Events Web Applications Security WAF Appliances 
Web Applications Web Applications Web Servers Healthchecks SSL Certificates Custom Response Pages 
arch for cust: € pages by entering properties Show Graphs 
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Create application profiles 


HTTP Profile 


In the Configuration panel’s Response Page Body, paste your response in HTML format. 


Edit Mode 


Custom Response Page 
Details 


Configuration 


Action Log 


Custom Response Page Edit: test-vikas 


Custom Response Page configuration 


Custom Response Page Details 


<!doctype html> 
<html> 

<head> b 
<meta charset="UTF-8"> Ed 
<title>Access Denied</title> E 
</head> 

<style type="text/css">.a{font- 
family:"Lucida Grande","Lucida Sans 
Unicode","Lucida Sans","DejaVu 
Sans",Verdana,sans-serif;font- 
size:15px;color:#3a3a3a;padding- 
top:60px;padding- 
right:30px;padding- 
left:30px;padding- 
bottom:20px;height:400px;border:3 
px solid 
#e2e4e7;top:140px;background- 


Tum help tips: On| Off x 


(*) REQUIRED FIELDS 


HTML response 


al goes here 


This custom response can now be reused for multiple web applications and appliance 
clusters. Simply select your custom response page in the web application wizard, and the 


WAF cluster wizard. 


HTTP Profile 


Set up an HTTP profile to filter protocol oriented attributes (methods, content-type, 
declarative security, and information leakage attributes). You can choose one HTTP profile 


per web application. 
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Create application profiles 
HTTP Profile 


Go to Security > HTTP Profiles and click the New HTTP Profile button. 


Web Application Firewall {v Help w v Log out 


Dashboard Events Web Applications Security WAF Appliances 


Security Policies HTTP Profiles Rules KnowledgeBase 


E] | Search for protocols by entering properties Show Graphs 
New HTTP Profile 1-60f6 ET 
` ` Name Type Allowed Methods Cookies Protection Force Character Encod... Default Content Type Last Update Date = Details 


HTTP Protocol - Configure 
HTTP protocol analysis for 


Profile Creation Tum help tips: On 


the policy. Step 2 of 6 Configure HTTP Protocol analysis for your HTTP profile 
Web Services Protection LEE) Team Wer 
Enable XML/JSON parsing in @ umreseg y eee 
HTTP profiles to validate 5 Daa 
that transmitted payload is , — 
d 4 Information Leakage # 

XML/JSON compliant. en 

5 Declarative Security # O Deny Al, But Expict}y Alow 
Information Leakage z 6 Review And Confirm GET, POST 


Choose options for server 
cloaking, sensitive header 


Request Headers 


onfigure handling of suspicious HTTP request headers 


suppression. 

Detect Invalid Headers 
Declarative Security - Detect Repeated Headers 
Configure responses to Detect Chunked Encoding 


cookies, content-type 
sniffing and browser cross- 
site scripting. _Cancel_| Gus 


Request Content-Type 
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Define Your Web Application 


Define Your Web Application 


Tell us about the web application you want to monitor. 


Web Application Firewall  v Go i Web à 
Applications an 
Dashboard Events Web Applications Security WAF Appliances d 
click the New Web 
Web Applications Web Applications ICC TE TOC CSS Be Cle Application button. 


E Search for web applications by entering properties. 


| Actions (0) w ( | New Web Application 


ESPN" gema well help you build 
gd the web asset from 


scratch. 


Tip Is the web asset 
already in your 
subscription? Use 
rE CY Existing Asset to save 
time! (You'll just 
enter WAF settings.) 


Existing Asset 


i 
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Define Your Web Application 


1) Asset Details Give your web asset a name, tell us the primary URL, add custom 


attributes if any, and assign tags (optional) 


Web Application Creation 


Tell us about the asset you want to monitor 


Step 1 of 6 


@ Asset Details Definition 


2 Application 
Security 


Wr Clusters Target Definition 


Comments Web Application URL* 
a https:// www.sitel.com 


Review And Confirm 
Custom Attributes 


Value 


Enter one or many lines 


Tags 


Select tags to apply to the web application 


Turn help tips: On | Off Launchhelp %& 


Tip Turn on 
help tips (in 
messes | the title bar) 
and we'll 
show you 
useful tips as 
you hover 
over the 
various 


Select | Create | 


2) Application Set secondary URLs, and then select the reusable profiles created for Web 
Server pool and SSL Certificate. You can create new profiles directly from this wizard. 


Web Application Creation Turn help tips: On | Off Launch bein  % | Ti 


Configure application and network settings 


Step 2 of 6 
1 Asset Details wé Web Servers 
@ Application S 
b 
3 $ 
Soray, Server Pool* 
WAF CI Please select a server pool Div 
WA justers 
HTTP Response Timeout* 
Comments 60 
Review And Confirm Enable persistency 


Create 


Create 


Healthcheck 
Please select a healthcheck iv 
SSL Certificates 
Selec e file that stores appropriate SSL materials, and pick the prefered SS TLS pr 
Certificate* 
Please select a profile oy. 


Create 


Optionally 
select a 
Healthcheck 
profile and 
set the failure 
response 
code. 


Select the SSL profile, appropriate protocols, security levels, and ciphers. An SSL profile 
contains details about the required security certificate. List of available ciphers depends 
on the selected protocols and security levels. For SSL Certificates, we support TLS 1.0, TLS 
1.1, TLS 1.2 and TLS 1.3 protocols. The default protocols are TLS 1.1, 1.2 and TLS 1.3 and 
default security filters are Strong and Good. Ciphers are used in the order in which they 


are displayed. 
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Define Your Web Application 


3) Security Select an action, and then select or create security policy and HTTP profiles. 
Selecting Block with Custom Response allows you to display a custom message to the user 
if your security policy blocks a particular section or a page on your web site. Select a 
custom response page that you have created. 


Then add one or more custom rules to allow or block access to certain web application 


resources. 


Web Application Creation 


Turn help tips: On | Off Launch help % 


Configure policies for your web application 


Step 3 of 6 
1 Asset Details 
2 Application 


(3) Security 


4 WAF Clusters 


Comments 


Security Policy €) REQUIRED FIELDS 
Action* Block with Custom Response ¥ 
Custom Response Page* 

customPageOne Mel Edit Create 
Policy* 

Standard Policy à y Create 
HTTP Profile* 

Standard Protocol Lt bd Create 
Custom Rules 

Add custom rules: | Search... NA Add All | 


No custom rules selected 


4) WAF clusters Select a cluster to deploy your web app in. A cluster contains one or more 
appliances (reverse-proxies). 


Note: When a configuration change is detected in any of the web applications, the 
WAF appliance receives the configurations for all the deployed web applications. 
When the WAF server receives the configuration changes, it reloads the 
configuration at runtime to apply the changes. The time that the WAF server takes 
to reload the configuration depends on the size of the configuration, which in turn 
depends on the number of web applications and the customized behavior settings 
configured on each web application. 


To avoid the frequent updates that may cause latency, we recommend limiting the 

number of web applications deployed for each WAF appliance to 10. If you keep the 
number of web applications deployed on each WAF appliance smaller, you will have 
a better WAF experience. 
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Define Your Web Application 


It's possible for multiple WAF clusters to monitor the same web application. 


Web Application Creation Tum help tips: On | Off Launchhelp % 
Step 4 of 5 Configure WAF clusters for your web application 
4 Asset Details Selected WAF Clusters MESURE 
Please select WAF clusters to which your web application will be deployed 


2 Application 
© © My WAF Cluster 


3 Security Kë: © duster 


Q war ciusters 
Review And Confirm 
Once your web application is created it shows up on the UI under the Web Applications 
tab. To view information about various web application statuses and their meanings, click 


Help > Online Help and then on the Start monitoring your web applications page, click Tell 
me about status. 
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Configure WAF Appliance 


Configure WAF Appliance 


You'll add a WAF virtual appliance and configure it for your WAF cluster within your 
environment (Amazon EC2, Microsoft Azure, Google Cloud, VMware or Microsoft Hyper-V) 
on a server or docker (container). 


Good to know 


- A WAF cluster can be assigned as many WAF appliances as your subscription allows 
guaranteeing high availability and/or fault tolerance in your firewalling operations. 


- When a configuration change is detected in any of the web applications, the WAF 
appliance receives the configurations for all the deployed web applications. When the 
WAF server receives the configuration changes, it reloads the configuration at runtime to 
apply the changes. The time that the WAF server takes to reload the configuration 
depends on the size of the configuration, which in turn depends on the number of web 
applications and the customized behavior settings configured on each web application. 


- To avoid the frequent updates that may cause latency, we recommend limiting the 
umber of web applications deployed for each WAF appliance to 10. If you keep the 
umber of web applications deployed on each WAF appliance smaller, you will have a 
better WAF experience. 


5 


5 


Tell me the steps 


1) Add a new WAF Appliance for your WAF cluster. Just go to WAF Appliances > WAF 
Appliances, click New WAF Appliance, and we’ll walk you through the steps. 


Web Application Firewall v Help w {v Log out 


Dashboard Events Web Applications Security WAF Appliances 


WAF Appliances WAF Clusters WAF Appliances 


ntering properties Show Graphs 


Search for WAF appliances by e 
New WAF Appliance 1-4074 af v 


2) Configure the WAF appliance for your environment. See our step by step instructions for 
VMware, Hyper-V, Amazon EC2, Microsoft Azure, Google Cloud in Virtual Firewall 
Appliance User Guide, and Docker in Virtual Firewall Container User Guide. 


Once your appliance is registered it shows up on the UI under the WAF Appliances tab. To 
view information about various appliance statuses and their meanings, click Help > 
Online Help and then on the Manage WAF appliances page, click Tell me about appliance 
status. 


Firewall rules / EC2 security groups 
- Allow HTTP(S) traffic (TCP-80,443; or any other) to the WAF appliance from Internet. 
- Allow SSH (TCP-22) to the WAF appliance from a trusted management network only. 


- Allow minimum access to the origin web server(s): only the WAF appliance ip address 
should be granted access to web servers’ production [ip:port]. Any direct access should be 
strictly limited to the administration network only. 
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Configure WAF Appliance 


Load balancer considerations 


- Load balancers should be configured to hand off to WAF cluster nodes so we can 
appropriately configure redundancy within the infrastructure. 


- The WAF appliance functions as a reverse proxy. It is important that any DNS 
configurations, firewall NAT or load balancer configurations are set to forward traffic 
towards the WAF appliance. It will then inspect incoming request, and based on your 
configuration, hand it off to the appropriate origin server. 


Upgrading WAF appliances 


We regularly release scanner appliance software to bring you our latest features and 
improvements. When software updates are available use the cluster Upgrade option to 
upgrade all Scanner Appliances registered to that cluster. You can now choose to auto- 
update the appliances registered with a cluster. See Upgrading WAF clusters. 
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Configure Your Web Environment 


Configure Your Web Environment 


Be sure to get traffic to your WAF appliance - configure load balancers and/or DNS as 
needed to direct traffic to your WAF cluster for inspection. 


We recommend you check to be sure your WAF cluster has an active status. Go to WAF 
Appliances > WAF Clusters. 


- Status O means the cluster does not have any WAF appliances assigned to it. 


- Status © means the cluster has appliances registered, none are inactive, and the cluster 
protects at least one site. 


Sample WAF Clusters list 


Web Application Firewall {v Help w {v 
Dashboard Events Web Applications Security WAF Appliances 
WAF Appliances WAF Clusters WAF Appliances 
Search for WAF clusters by entering p Sh 
New WAF Cluster | | New WAF Appliance | Last synchronization date: 27 Jan 2017 1:36PM GMT-0800 1-19 of 19 
Name / Token Total Web Applications Total Appliances Last Update Date zı Details 
© qwaf15.p04 s que E 2 2 13 Jan 2017 qwaf15.p04. 
= 2 34402 
© awaf13.p04. 1 1 13 Jan 2017 
13 Jan 2017 8:03PA 
13 Jan 2017 8:03PA 
) WAfForm 11 Jan 2017 
b FCCII 
: 3 1 
© qlog7.p04. d 1 03 Jan 2017 TAGS 
) qwaf7.p04: 07 Dec 2016 
APPLIANCES 
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We’re Now Monitoring Your Web Application! 


We’re Now Monitoring Your Web Application! 


Check out the security events (violations) we've found on your web application. To 
discover more about an event, double-click the event or click View in the Quick Actions. 


| Web Application Firewall v Help v Log out 


Dashboard Events WebApplications Security WAF Appliances 
| 


| 


| Saved Searches + Default Filter 


save as Search Actions + 
Archived No + | False Positive No + | NotApplicable No + Hide Graphs This year v 
| 
| | 
| 
i | u 
2019-Jan-02 2019-Jan-10 2019-Jan-18 ` 2019-Jan26 2019-Feb-03 2019-Feb-11 2019-Feb-19 2019-Feb-27 2019Mar07 2019-Mar-15 2019-Mar:-23 201S-Mar31  2019-Apr-08 
1-20 of 4633 | > 2 ey 
o Message Type Source Threat Level Date KA 
E à © wattestpage.com 195.189.90.84 10 Apr 2019 
| SS Hours vanter tes tm Miechow, Poland 
E = © wattestpage.com XSS 195.189.90.84 10 Apr 2019 
S S - e ! mm i Zi ` 
| E © wattestpage.com XSS 195.189.90.84 10 Apr 2019 
e S s de 4 = Poland | 


You can view detailed information about each potential threat. Review the event details 


and take actions from the menu, i.e. mark the event as Flagged, False Positive, or Not 
Applicable. 


Tip - Clicking on a QID will take you to Qualys comprehensive KnowledgeBase which 
provides additional information about each threat and how to address it. 


Web Application Firewall v Help v w | Logout 


Dashboard Events WebApplications Security WAF Appliances 


ES EE 


< Backto List 4] Previous Event NedEvent [> 
M waftestpage.com Threat Level Actions w 
2019 2:'58Ph © Request Blocked 70 Jaik 
Export RAW 
2 Event Summary 
Unmark as flagged 
Web Application wai e.com Event Traffic Origin 
Policy Qui neric : best security , EES 
Message XSS: Heuristic cross-site scripting detected - s. 
Transaction ID 8357CDF6-C591-4301-80A9-75E523AD310D 
= Mark as Not Applicable 
Timestamp 10 Apr 2019 2:58PM GMT+0530 i 
Duration 3 msec o 
Source 195.189.90.84:43346 des 
= Miechow, Poland d 
Lesser Poland Voivodeship d > @ 
Forwardedby 10.115.75.202:43345 , à f 
Response Code 403 us" + 
an 150007 ESS 
Exception # - 
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Add Exceptions 


Add Exceptions 


Use Exceptions when you identify a false-positive or false-negative event. A false-positive 
is a legitimate request that has been unexpectedly blocked. A false-negative is a non- 
legitimate request that has been authorized while it shouldn't have. 


With Qualys WAF you can flag an event as a false-positive. To do that, go to Events > Event 
List, select an event, click on the arrow and select “Mark as False positive”. Bear in mind 
this is a simple marker, it does not impact traffic processing behavior. 


To create an exception, select an event, click on the arrow and select “Create exception” or 
select this option from the Actions menu when viewing an event. 


a Message Type Source Threat Level Date z 

wv waf-site6.eng.sjc01.qualys.com À Gr QUELS 100 02 Mar 2018 

S URL: / we SE H wem 4:32AM GMT+0530 
W ervice parsing error. Invalid char read in XML footer HEH 

E = © waf-site6.eng.sjc01.qualys.com Sie CEJ co 02 Mar 2018 

© ur: Mark as flagged 4:31AM GMT+0530 
2 1 escaping 

[C] = © wat-sites.eng.sjc01.qualys.com Mark as False positive CEJ co 02 Mar 2018 

URL: / 4:31AM GMT+0530 
t 1g d Mark as Not Applicable 

© waf-site6.eng.sjc01.qualys.com 70 02 Mar 2018 
URL: /?abdcef={"deptno":{"$ite&q... 3:51AM GMT+0530 

T] = © waf-site6.eng.sjc01.qualys.com XSS 10.4465195 70 02 Mar 2018 
URL: /7abdcef={"deptno":{"$ite&q... 3:46AM GMT+0530 

© waf-site6.eng.sjc01.qualys.com XSS 10.44.65.195 70 02 Mar 2018 
URL: /?abdcef={"deptno":{"Site&q... 3:46AM GMT +0530 


Exceptions are created in the form of custom rules. 


Rule Creation: Exception - Event 27A02C41-15F6-4056-9866-E75BE... Tum help tips: On | Off Launchhelp X 
Step 1 of 4 Configure basic information about your WAF rule 
(4) Rule Details Several web applications might be linke rende (*) REQUIRED FIELDS 


2 Conditions Basic Information 


3 Name* | Exception - Event 27A02C41-15F6-4056-9866-E75BE833716A 
Actions 


e A Description 2048 characters maximum. 
Review And Confirm 
Tags 
Select tags to apply to the rule Select | Create | 


selected) 
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Add Exceptions 


Rule details and conditions for the custom rule are auto populated based on the event. By 
default, the action for an exception is Allow or Block (the opposite of the original event's 
action). 


Rule Creation: Exception - Event 27A02C41-15F6-4056-9866-E75BE... mt enr 
Step 2 of 4 Rule conditions 
1 Rule Details Conditions nas 
9 SE 4 «aps aged in se el lee a praia el ie Be Sen es 
3 Actions gall naan us ee, a deg 
When rer 


Review And Confirm 
1 FE equa / 
2 FEES equal ve 


a eet body "parameter! xmi://myheader DETECT qid/226022 


Exceptions once created are linked to the web application. To view them, simply click View 
in the Quick Actions for a web application, and then click the Security pane. 


Deleting an exception from WAF events list does not remove the associated WAF custom 
rule. You can use the custom rule in the future for similar web applications. 
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Add Virtual Patches 


Add Virtual Patches 


Use Virtual Patches upon vulnerability detection by the Web Application Scanning 
module. To do that, select the WAS module, go to Web Applications > Detections, click on 
the arrow and select “Install Patch”. 


Web Application Scanning v ei Help w Ki Log out 


Dashboard WebApplications Scans  Detections Reports Configuration ` KnowledgeBase 


‘= Detection Management Detection List Burp Bugcrowd 


Search Results 1-20 0f 181 H? ov 
| search | ` status QiD* Name Group Last Detected Age Patch Severity 
à Filter Results https://bank.vuin.qa.qualys.com/?account=personal e 


=e F] New 150004 @ Path-Based Vulnerability P 12 En 
https://bank. vuin qa qualys.com/bog/protected/mime/APIS.Inc View 


Web Application 


E| New 150004 @ Path-Based Vulnerability Ignore En 
https://bank.vuin.qa.qualys.com/boq/protected/mime/WSDL/admin 
Tags E| New 004 @ Path-Based Vulnerability Install Patch =: 
https: lys.com/boq/protected/mime/defaultPage hqx 
v 
New 50004 @ Path-Based Vulnerability Fän = 
Last Scan Date hitps://bank vuln. ga.qualys.com/boq/protected/mime/wsdl/Displa 
Retest 
E| New 50004 @ Path-Based Vulnerability nm 
https://bank vu alys.com/boq/protected/mime/APIs/api.as 
Findin z 
3 E| New @ Path-Based Vulnerability PATH ot bay 
Finding Type https://bank vuln.ga.qualys.com/bog/protected/mime/ws/administ ¥ 


Virtual Patches are created in the form of custom rules. 


Rule Creation: Virtual Patch (150004) - Path-Based Vulnerabili... Tum help tips: On| Off Launchhelp % 
Step 1 of 4 Configure basic information about your WAF rule 
(4) Rule Details Several web applications might be linked to the same rule (*) REQUIRED FIELDS 


2 Weonditons Basic Information 


A Name* rtual Patch (150004) - Path-Based Vulnerability (#204369) 
ctions 


S Description 2048 characters maximum. 
Review And Confirm 
Tags 
Select tags to apply to the rule Select | Create | 


(no tags selected) 
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Add Virtual Patches 


Rule details and conditions for the custom rule are auto populated based on the detection. 
By default, the action for a virtual patch is Block. 


Rule Creation: Virtual Patch (150004) - Path-Based Vulnerabili... 


Tum help tips: On| Off Launchhelp % 
Step 2 of 4 Rule conditions 
4 Rule Details Conditions (*) REQUIRED FIELDS 
Build a set of conditions you want to match pı o triggering th F arefulh 
e up and down a in the textfield to display the 
3 Actions 


ET 


Review And Confirm 


1 euer e DETECT qd/150011 


2 meet meet equal cer 


Virtual patches once created are linked to the web application. To view them, simply click 
View in the Quick Actions for a web application, and then click the Security pane. 


Deleting a virtual patch from WAS detections list does not remove the associated WAF 
custom rule. You can use the custom rule in the future for similar web applications. 
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Add Custom Rules 


Add Custom Rules 


Use Custom Rules to define static traffic workflow. Rules allow you to fully control HTTP 
transactions in order to adapt the security policy in effect for enterprise constraints. 
Custom rules replace previous Access Rules and Control Rules. 


Go to Security > Rules and click the New Custom Rule button. 


Web Application Firewall v Help w v Log out 


Dashboard Events Web Applications Security WAF Appliances 


P ere) 
Security Policies HTTP Profiles KnowledgeBase 
Search for rules by entering properties Show Graphs 


Name Action Last Update Details 


We have provided various keys to form conditions for a rule. 


Want to see all the available keys? Simply place the cursor in the When field, and press 
the down arrow key on your keyboard to get a list of all available keys. Syntax help is 
available for every key. 


How do I get started? Press the Down arrow to see the available keys. 


Rule Creation Tum help tips: On | Off Launch help 3 


Step 2 of 4 Rule conditions 
Rule Details ~ Conditions SEE 
Conditions 


Actions P 
f available for fada | 
Review And Confirm = + every key 


Syntax Help 
client ip Build a condition based on client IP address or range. 
client ip address Format client ip protocol OPERATOR /PV4|IPV6. 


client ip.geolocation Examples 
Match client ip address 172.26.10.123 
client.ip.protocol me peer 
client.ip.address EQUAL "172.26.10.123 
ent sl Match client ip address range 172.26.10.10-50 
client.ssl.cipher client.ip.address IN-RANGE "172.26.10.10-50 


client ssl.protocol 


Previous J | Continue | 
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Add Custom Rules 


How do I add a condition? 


- Select a key like client.ip.address. 
- Then select an operator. Refer to the WAF online help for information on the DETECT 


operator. 
Click here for more information on using the MATCH operator. 


Rule Creation Tum help tips: On | Off Launchhelp x 


Step 2 of 4 Rule conditions 


1 Rule Details Conditions ") REQUIRED FIELDS 


opt Bui r All the conditions must be met to trigger this rule, so pick 
(2) Conditions ranged in fi e and transaction. The help menu will assi 
various ke 
3 Actions 
When dient.ip.address | 
Review And Confirm 
EQUAL 
Syntax Help 

NOT.EQUAL Build a condition based on client IP address or range. 
MATCH Format: client jo protocol OPERATOR IPV4|IPVE. 


Examples 
BEES Match client ip address 172.26.10.123 


client.ip.address EQUAL "172.26.10.123" 
Match client ip address range 172.26.10.10-50 
client.ip.address IN-RANGE "172.26.10.10-50" 


- Enter a value for your condition in double quotes. In this case we've entered an IP 
address. 


Rule Creation Turn help tips: On | Off Launchhelp x 
Step 2 of 4 Rule conditions 
1 Rule Details «y Conditions ee 
x conditions mus pick them 
(2) Conditions wë e and trans: you in learning the 
3 Actions 
When client.ip.address EQUAL "172.26.10.123" | Add | 


Review And Confirm 


- Press Enter to add your condition. It will look like this. 


Rule Creation Tum help tips: On | Off Launchhelp x 


Step 2 of 4 Rule conditions 


41 Rule Details Conditions dé cé sold 


ditions must be me ger this rule 
(2) Conditions ov: d in fiv Jient, server, request, e and transaction. The help menu will ass 


3 Actions 
When | 


1 CREME equa 17225 10.123 


Review And Confirm 


- Click the Add button to add another condition to your rule. 
- Complete the steps to add conditions as needed. 
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Add Custom Rules 


We've added 3 conditions for our rule. 


Rule Creation Tum help tips: On | Off Launch help x 


Step 2 of 4 Rule conditions 
1 Rule Details « Conditions Besse 
d Geier Kennen atch pri ggering the action. All the conditions must be met to trigger this rule, so pick them 

(2) Conditions v areful nditior ed in five scope ie ver, re respon: ach ip menu will assist you in 
e various keys available 

3 Actions 
When 

Review And Confirm C2 

1 CREME qua 172.26.10.123 
2 leste equa 45678 


à EN cour sun 


Here's the conditions: 


client.ip.address EQUAL "172.26.10.123" 
client.tcp.port EQUAL "45678" 
transaction.day EQUAL "Sunday" 


How does this rule work? The rule gets executed only when all conditions are met. 
Otherwise, the rule gets ignored. 


In the actions panel of the wizard, you tell us what action to take when events match the 
conditions in the rule. 


Rule Creation Tum help tips: On| Off Launchhelp X% 
Step 3 of 4 Rule actions 
1 Rule Details vy Actions €) REQUIRED FIELDS 


2 Conditions 


o Actions 


4 Review And Confirm 


Action* Allow x 


Log* No G 


Once created, assign one or more rules to your web application from within the web 
application wizard. Rules are executed in the order defined in web application settings. 


Good to know 


Rules are parsed from top to bottom, in the order defined in web application settings. 
Custom rules support regular expressions with PCRE. Character escaping is possible with 
the backslash (\). 
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Upgrading WAF clusters 


Upgrading WAF clusters 


Our service regularly releases scanner appliance software to bring you our latest features 
and improvements. When software updates are available use the cluster Upgrade option 
to upgrade all Scanner Appliances registered to that cluster. 


The WAF Scanner Appliances by Version graph tells you whether there's software updates 
available for your Scanner Appliances You will see the number of appliances running the 
latest or outdated versions. 


Web Application Firewall {v 


Dashboard Events Web Applications Security WAF Appliances 


WAF Appliances WAF Clusters WAF Appliances 


or WAF appliances by entering properties 


Graph Filters By Status By Platform By Score By Deployment 
Appliances up-to-date (Version 1.5.0 or higher) 100% 
QE] EE | 


Total appliances 


Appliances with latest version or higher 2 


Appliances with outdated version 0 


To upgrade a WAF cluster, go to WAF Appliances > WAF cluster, and then click Upgrade in 
the Quick Actions menu of the cluster that you want to upgrade. 


Web Application Firewall v 


Dashboard Events WebApplications Security WAF Appliances 


WAF Appliances WAF Clusters WAF Appliances 


Search for WAF clusters by entering properties 


Actions (1) w New WAF Cluster | | New WAF Appliance 


Name/ Token Total Web Applications 
Kë ESCH 
Singapore View 
Edit 
> NewWAFcluster 
e Add Appliance 


Add Tags 
Remove Tags 


) Appliance_test 


Delete 


Note: The Upgrade option is not available until the time you have chosen to freeze auto- 
updates. See Schedule appliance auto-update. 


You get a confirmation message displaying the number of appliances registered to the 
cluster. Click Confirm to upgrade. 


To verify successful upgrade, check the WAF Scanner Appliances by Version graph. The 
number of appliances you have upgraded should get added to the number of Appliances 
with latest version or higher. 
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Upgrading WAF clusters 
Schedule appliance auto-update 


Schedule appliance auto-update 


You can choose when the appliances registered with a cluster get auto-updated. Select 
days of the week and the start time. By default, auto-update is enabled for all days of the 
week. 


You can choose to freeze auto-updates until a specific date. Auto-updates are stopped up 
to the end date and then resumed. 


Simply go to WAF Appliances > WAF Cluster, create a new cluster or edit an existing 
cluster, and then click Automatic Updates. 


WAF Cluster Creation Turn help tips: On| Off Launchhelp % 


Step 3 of 4 Schedule Appliance Updates 
1 Cluster Details Appliance scheduled update configuration () REQUIRED FIELDS 
2 Configuration em ose when the appliances regisiere 
Enable Gm 
[3] Automatic Updates ` 
F1 Monday © Tuesday M Wednesday [~] Thursday VA Friday F1 Saturday [M] Sunday 
4 Review And Confirm Start time* ECH ` 
Time Zone" (GMT 05:30) India Standard Time (IST Asia/Colombo) oy, 


Freeze period 


End date [a 


In the clusters table, hovering over the FE icon in the Last Update column shows the time 
when the next scheduled update is planned. 
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Upgrading WAF clusters 
Schedule appliance auto-update 


Upgrading specific WAF appliances 


Upgrading specific WAF appliances 


You can upgrade specific WAF appliances manually. It is recommended not to upgrade a 
WAF appliance if the associated cluster is in freeze period. See Schedule appliance auto- 


update. 


| 
Web Application Firewall 


Dashboard Events 


WAF Appliances 


waf-appliance 


Search for WAF appliances by 


Actions (1) V New WAF Appliance 


v 


Web Applications 


WAF Clusters 


entering properties 


ji 0-04 
& Quick Actions 


Security WAF Appliances 


WAF Appliances | 


Platform Cluster Version 


1.5.0 


Deprovision 
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To upgrade a specific appliance, go to 
WAF Appliances > WAF Appliances, 
and then select Upgrade from the 
Quick Actions menu of the appliance. 


Contact Support 


Contact Support 


Qualys is committed to providing you with the most thorough support. Through online 
documentation, telephone help, and direct email support, Qualys ensures that your 
questions will be answered in the fastest time possible. We support you 7 days a week, 
24 hours a day. Access online support information at www.qualys.com/support/. 
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